When to Support Windows 10 64bit OS and Windows Hello?
Looking forward to the Version.
1Password Version: 6.6.405
Extension Version: 188.8.131.52
OS Version: Windows 10 Creator
Sync Type: Not Provided
Thanks for your interest in 1Password for Windows.
We're working on bringing 1Password back to the Windows Store and we'd love to have it integrate with Windows Hello.
Can't wait to see the features in Windows 10!
All the Windows 10 Users.
I'd really like Hello support so I can use my laptop's biometric fingerprint reader like I do Touch ID on my iPhone. Is Hello support on the near-term roadmap... 3 months or less?
We had Windows Hello support in the previous UWP version of 1Password and we plan to maintain that in the next version that we're working on in order to bring support to Edge. We don't have a timeframe yet.
Note that Windows Hello would be limited to running instances after the initial unlock with the master password. We don't have a consistent secure place to store a hashed version of your master password, so we'll have to keep it in memory with the running instance. This is unlike Touch ID on your iPhone, where there is secure hardware storage for such passwords.
For devices that have SGX, would that permit a TouchID like experience? I realize SGX is very new, and most people won't have it. But my laptop does have it.
Not likely, you're still depending on Intel software + app + BIOS support to enable full SGX support. It protects against certain attack surfaces but not all of them. We'll certainly look at it after we finish with the new version first.
Surely you can use the TPM for secure storage?
As far as I'm aware, one of the prerequisites for Windows Hello is TPM 2.0.
Not initially, they started requiring TPM 2.0 support for all new Windows 10 hardware from July 2016 (source, scroll down to 3.7 Trusted Platform Module (TPM)). Windows Hello can be used without TPM. Note that Windows Hello is a brand that includes various features like PIN, Facial/Fingerprint biometric, FIDO hardware key, etc.
In addition, TPMs usually have very little storage; they don't have enough capacity to store all the keys you generate. You use the TPM to generate hardware-based keys to protect data on the drive, not to store the data. That way, the keys on the drive are paired with the hardware and you cannot have one without the other.
You can read this link to learn more.
Hi @MikeT - fair enough, I don't know a great deal about TPM, but I was of the understanding that they did allow storage.
Thinking about it slightly differently - what if you used the TPM to hash the master password on its initial input, then used that key (which can be stored in a file as it's tied to the hardware) to unlock 1Password?
It's a different way of looking at it, but equally secure as the TPM generated key is only usable with that particular TPM, and therefore if it is stolen it is no use to anyone, and it seems more secure than inputting the master password.
Just a thought?
We already derive an encryption key based on your master password on each machine to encrypt the database file, we don't store your master password anywhere. We could re-encrypt the key with the use of TPM to lock it down and provide a temporary PIN access. However, that only protects you against hardware theft, it does nothing to deter key-loggers or malware. We'd have to limit it to one-time use only and so on. We already had a malware issue on Touch ID that didn't work out well on macOS, so we most likely will be limiting that support further in the future.
You'd still be better off encrypting your entire drive with TPM instead of just 1Password for the hardware theft protection.
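The key-wrapping idea discussed in the replies above (the TPM holds only a small root secret and protects a key blob kept on the drive), as an added example that is not part of the thread and not 1Password's code. `SimulatedTPM`, `seal`, `unseal` and `derive_vault_key` are hypothetical names, and the HMAC-based wrap is a software stand-in for the hardware operation.

```python
import hashlib, hmac, os

class SimulatedTPM:
    """Software stand-in (assumption) for a TPM: the root secret never leaves it."""
    def __init__(self):
        self._root = os.urandom(32)  # a real TPM keeps this in hardware

    def _prf(self, label, data):
        return hmac.new(self._root, label + data, hashlib.sha256).digest()

    def seal(self, key):
        """Wrap a 32-byte key; the returned blob is what gets written to disk."""
        if len(key) != 32:
            raise ValueError("expected a 32-byte key")
        nonce = os.urandom(16)
        pad = self._prf(b"pad", nonce)
        body = bytes(a ^ b for a, b in zip(key, pad))
        return nonce + body + self._prf(b"tag", nonce + body)

    def unseal(self, blob):
        """Recover the key, refusing blobs this device did not produce."""
        nonce, body, tag = blob[:16], blob[16:48], blob[48:]
        if not hmac.compare_digest(tag, self._prf(b"tag", nonce + body)):
            raise ValueError("blob was not sealed by this device")
        return bytes(a ^ b for a, b in zip(body, self._prf(b"pad", nonce)))

def derive_vault_key(master_password, salt, iterations=100_000):
    """Password-derived key; PBKDF2 and the iteration count are assumptions."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)

def demo():
    vault_key = derive_vault_key("constructed example passphrase", os.urandom(16))
    laptop, other_machine = SimulatedTPM(), SimulatedTPM()
    blob = laptop.seal(vault_key)  # stored on the drive, device keeps only its root
    unlocked = laptop.unseal(blob) == vault_key
    try:
        other_machine.unseal(blob)  # drive copied to different hardware
        usable_elsewhere = True
    except ValueError:
        usable_elsewhere = False
    return len(blob), unlocked, usable_elsewhere

if __name__ == "__main__":
    print(demo())
```

Any process on the same machine that can reach `unseal` gets the key back, which matches the reply's point that this covers hardware theft but not key-loggers or malware.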
Any timeframe on this? I would also like to see Windows Hello/Windows 10 integration.
@macgeek21: Just to clarify, 1Password 6 is already a 64-bit app. We don't discuss release dates for unreleased features and updates, but Windows Hello, on the other hand, isn't something that can happen in the short term. That is only possible with a UWP app, and right now we're focused on the desktop version since we need to support Windows 7 (and 8.1) in addition to Windows 10. I'm sure we'll have more to say on this topic once the time comes though. Thanks for your interest!